Simbad
(Kieszo)
18 Grudzień 2005 14:18
#1
Logfile of HijackThis v1.99.1 Scan saved at 15:20:22, on 2005-12-18 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\atwtusb.exe C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Paweł\Pulpit\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\urszula1\USTAWI~1\Temp\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 127.0.0.3 http://www.greg-tut.com O1 - Hosts: 127.0.0.3 nylonsexy.com O1 - Hosts: 127.0.0.3 http://www.nylonsexy.com O1 - Hosts: 127.0.0.3 vparivalka.com O1 - Hosts: 127.0.0.3 http://www.vparivalka.comtoescrowpay.com O1 - Hosts: 127.0.0.3 http://www.awmdabest.com O1 - Hosts: 127.0.0.3 http://www.sexfiles.nu O1 - Hosts: 127.0.0.3 awmdabest.com O1 - Hosts: 127.0.0.3 sexfiles.nu O1 - Hosts: 127.0.0.3 allforadult.com O1 - Hosts: 127.0.0.3 http://www.allforadult.com O1 - Hosts: 127.0.0.3 http://www.iframe.biz O1 - Hosts: 127.0.0.3 iframe.biz O1 - Hosts: 127.0.0.3 http://www.newiframe.biz O1 - Hosts: 127.0.0.3 newiframe.biz O1 - Hosts: 127.0.0.3 http://www.vesbiz.biz O1 - Hosts: 127.0.0.3 vesbiz.biz O1 - Hosts: 127.0.0.3 http://www.pizdato.biz O1 - Hosts: 127.0.0.3 pizdato.biz O1 - Hosts: 127.0.0.3 http://www.aaasexypics.com O1 - Hosts: 127.0.0.3 aaasexypics.com O1 - Hosts: 127.0.0.3 http://www.virgin-tgp.net O1 - Hosts: 127.0.0.3 virgin-tgp.net O1 - Hosts: 127.0.0.3 http://www.awmcash.biz O1 - Hosts: 127.0.0.3 awmcash.biz O1 - Hosts: 127.0.0.3 buldog-stats.com O1 - Hosts: 127.0.0.3 http://www.buldog-stats.com O1 - Hosts: 127.0.0.3 fregat.drocherway.com O1 - Hosts: 127.0.0.3 slutmania.biz O1 - Hosts: 127.0.0.3 http://www.slutmania.biz O1 - Hosts: 127.0.0.3 toolbarpartner.com O1 - Hosts: 127.0.0.3 http://www.toolbarpartner.com O1 - Hosts: 127.0.0.3 http://www.megapornix.com O1 - Hosts: 127.0.0.3 megapornix.com O1 - Hosts: 127.0.0.3 http://www.sp2fucked.biz O1 - Hosts: 127.0.0.3 sp2fucked.biz O2 - BHO: (no name) - {5702A1D8-9944-4080-9524-1A9D0B4F0474} - (no file) O2 - BHO: (no name) - {7462B8E9-2A23-2982-28D7-22879B82BACE} - C:\WINDOWS\System32\mkcaazdv.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [atwtusb] atwtusb.exe beta O4 - HKLM…\Run: [FineReader7NewsReaderPro] “C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O10 - Broken Internet access because of LSP provider ‘xfire_lsp_9028.dll’ missing O15 - Trusted Zone: *.iframedollars.biz (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTickets … refid=2732 O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://67.15.101.3/g_bin/pl/demon_2_0_0_18.cab O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab O17 - HKLM\System\CCS\Services\Tcpip…{CACCC791-3F5E-4B08-8E7D-BBD2331B35B4}: NameServer = 10.0.110.1,194.204.159.1,194.204.152.34 O18 - Filter: text/html - {DEAE23CE-1C7A-472A-AC8B-72B1BA9D0B41} - (no file) O18 - Filter: text/plain - {DEAE23CE-1C7A-472A-AC8B-72B1BA9D0B41} - (no file) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - (no file) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - C:\Program Files\Symantec AntiVirus\DefWatch.exe (file missing) O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Unknown owner - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)
====================================
Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE
Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.
Pozdrawiam kuz5
Gutek
(Gutek)
18 Grudzień 2005 15:25
#3
zostaw analize log-a i się wiećesj nie wypowiadaj, Aiptek Graphics Tablet, drugi to od plików PDF program i do reala
Analiza:
Wyłączyć Przywracanie systemu w XP TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7
Skasować z dysku pliki, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log
LSP-Fix usuniesz wpisy 010 TU odpal LSP-Fix zaznacz “I know what I’m doing” następnie w okienku Keep zaznacz plik xfire_lsp_9028.dll i za pomocą strzałki (>>) przenieś go do okienka Remover i kliknij Finish